Use-After-Free Vulnerability in Linux Kernel's Framebuffer Driver by Linux
CVE-2026-43497
What is CVE-2026-43497?
This vulnerability in the Linux kernel's framebuffer subsystem can lead to a use-after-free condition because memory mappings of framebuffer pages are not managed correctly. Specifically, the dlfb_ops_mmap function does not set a vm_operations_struct on the Virtual Memory Area (VMA), which prevents the kernel from tracking active memory mappings. As a result, when the framebuffer backing is reallocated, any existing PTEs (Page Table Entries) remain valid, and userspace processes can continue to access memory that has already been freed. The flaw could lead to unintended data disclosure or crashes, particularly in scenarios involving USB disconnects and framebuffer reallocation. The fix introduces mechanisms that manage mapping counts to guard against these risks.
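A userspace C model of the mapping-tracking problem described above, added here as an illustration and not taken from the kernel or from the fix. All struct and function names are hypothetical, and refusing reallocation while mappings are live is an assumed policy, not necessarily what the patch does.

```c
#include <errno.h>
/* Userspace model; all names are hypothetical, not the driver's own. */
struct fb_model {
    unsigned gen;     /* bumped whenever the backing pages are replaced */
    int mmap_count;   /* live mappings, visible only via open/close hooks */
    int has_vm_ops;   /* 0 models the flawed mmap handler, 1 the tracked one */
};
struct vma_model {
    struct fb_model *fb;
    unsigned mapped_gen;  /* generation this mapping's PTEs point at */
};

/* The kernel calls vm_ops->open when a VMA is copied or split, ->close on unmap. */
static void vma_open(struct vma_model *v)  { if (v->fb->has_vm_ops) v->fb->mmap_count++; }
static void vma_close(struct vma_model *v) { if (v->fb->has_vm_ops) v->fb->mmap_count--; }

static void fb_mmap(struct fb_model *fb, struct vma_model *v)
{
    v->fb = fb;
    v->mapped_gen = fb->gen;
    vma_open(v);  /* the mmap handler accounts for the first mapping itself */
}

static void vma_fork(const struct vma_model *parent, struct vma_model *child)
{
    *child = *parent;  /* fork() copies the VMA */
    vma_open(child);   /* only this hook tells the driver about the copy */
}

/* Assumed policy: refuse to replace the backing while mappings are live. */
static int fb_realloc(struct fb_model *fb)
{
    if (fb->mmap_count > 0)
        return -EBUSY;
    fb->gen++;  /* old pages are freed here */
    return 0;
}

/* Returns 1 if a mapping is left pointing at freed pages after realloc. */
static int stale_after_realloc(int has_vm_ops)
{
    struct fb_model fb = { 1, 0, has_vm_ops };
    struct vma_model parent, child;
    fb_mmap(&fb, &parent);
    vma_fork(&parent, &child);
    vma_close(&parent);  /* parent unmaps, child is still mapped */
    fb_realloc(&fb);
    return child.mapped_gen != fb.gen;
}
```

Without the hooks the count never leaves zero, so the reallocation proceeds while the forked mapping still points at the old generation; with them the count is 1 and the reallocation is refused.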
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4f312c30f0368e8d2a76aa650dff73f23490b5e7
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 18dd358de72d57993422cbb5dfb29ccd74efe192
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2